Hello!

>> >> With such list it works, but without encoding (data sent in cleartext, connection established as Cipher: NULL-SHA)
>> >> and if I remove eNULL on client side, it doesn't connect - server waits for a repeat of the client cookie forever.
>> >> At the same time, "openssl s_client -dtls1 ..." connects fine, with Cipher: AES256-SHA
> >
> Then debug why the server is ignoring the client request.
> OpenSSL has good debug output, in worst case add new prints...
>

Actually, I have traced it to the ClientHello cookie exchange: test client connects to server, server calls generate_cookie() and never calls verify_cookie().

If I connect to test server using openssl s_client - server calls both generate_cookie() and verify_cookie(), and connection is established.

If I return eNULL back in client ciphers list, server does not call generate_cookie(), and connection went OK.

If I comment out SSL_CTX_set_cookie_generate_cb() on server side, it still doesn't connect using test client but still connects using openssl s_client.

--
Александр Деревянко/Aleksander Derevianko
Head of the New Hardware and Software Department
Бомбардье Транспортейшн (Сигнал)/Bombardier Transportation (Signal) Ltd.
T: +74959255370 Ext. 265
M: +79859229755

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
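
A minimal model of the DTLS cookie exchange discussed in the message above (ClientHello, HelloVerifyRequest, ClientHello with cookie), added here as an illustration; it is not code from the thread or from OpenSSL. The function names mirror the callbacks named in the post, while the HMAC-over-peer-address cookie, the `Server` class, the `handshake` helper and the addresses are assumptions of this example.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # per-server cookie secret (constructed for this example)

def generate_cookie(peer):
    # Stateless cookie: MAC over the claimed source address (an assumed scheme).
    return hmac.new(SECRET, f"{peer[0]}:{peer[1]}".encode(), hashlib.sha256).digest()

def verify_cookie(peer, cookie):
    # Constant-time comparison against the cookie this peer should have received.
    return hmac.compare_digest(generate_cookie(peer), cookie)

class Server:
    def __init__(self):
        self.calls = []  # which callbacks ran, like debug prints in the callbacks

    def on_client_hello(self, peer, cookie=b""):
        if not cookie:
            # First flight: keep no state, answer with HelloVerifyRequest.
            self.calls.append("generate_cookie")
            return "HelloVerifyRequest", generate_cookie(peer)
        self.calls.append("verify_cookie")
        if verify_cookie(peer, cookie):
            return "ServerHello", None
        return "rejected", None  # model choice: cookie does not match this peer

def handshake(server, peer, echo_cookie=True, resend_from=None):
    """Run one exchange; return (final server answer, callback trace)."""
    _, cookie = server.on_client_hello(peer)
    if not echo_cookie:
        # No second ClientHello reaches the server: only generate_cookie ran.
        return "stalled", server.calls
    answer, _ = server.on_client_hello(resend_from or peer, cookie)
    return answer, server.calls

if __name__ == "__main__":
    peer = ("192.0.2.10", 40000)  # constructed address (TEST-NET-1)
    print(handshake(Server(), peer))                     # cookie echoed
    print(handshake(Server(), peer, echo_cookie=False))  # cookie never echoed
    print(handshake(Server(), peer, resend_from=("192.0.2.99", 40000)))
```

In this model, a trace that stops after `generate_cookie` is the `stalled` case: the server never processed a ClientHello carrying a cookie. The third call shows why the cookie is bound to the peer address: a cookie replayed from a different source fails verification.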